Functions for writing dissectors
Dissector
- A refererence to a dissector, used to call a dissector against a packet or a part of it.
function |
description |
Obtains a dissector reference by name |
|
Calls a dissector against a given packet (or part of it) |
Dissector.get(name)
Description
- Obtains a dissector reference by name
Parameters
name : string
- The name of the dissector (lower-case)
Returns
userdata: The Dissector reference
dissector:call(tvb, pinfo, tree)
Description
- Calls a dissector against a given packet (or part of it)
Parameters
tvb : TvbRange
- The buffer to dissect
pinfo : userdata
- The packet info
tree : TreeItem
- The tree on which to add the protocol items
DissectorTable
A table of subdissectors of a particular protocol (e.g. TCP subdissectors like http, smtp, sip are added to table "tcp.port"). Useful to add more dissectors to a table so that they appear in the Decode As... dialog.
Example
-- Add the Foo Protocol dissector to the DissectorTable for UDP ports at port 80 local udptab = DissectorTable.get("udp.port") udptab:add(80, proto_foo)
function |
description |
Creates a new DissectorTable for your dissector's use |
|
Obtains a reference to an existing dissector table |
|
Adds a dissector to a table |
|
Removes a dissector from a table |
|
Tries to call a dissector from a table |
|
Tries to obtain a dissector from a table |
DissectorTable.new(tablename, [uiname], [type], [base])
Description
Creates a new DissectorTable for your dissector's use
Parameters
tablename : string
The short name of the table. Use lower-case alphanumeric, dot, and/or underscores (e.g., "ansi_map.tele_id" or "udp.port")
uiname : string (optional)
The table name to display in the User Interface (defaults to the name given by tablename). This is a free-form string.
type : number (optional)
Field type (defaults to FT_UINT32)
type
meaning
ftypes.UINT8
8-bit unsigned integer
ftypes.UINT16
16-bit unsigned integer
ftypes.UINT24
24-bit unsigned integer
ftypes.UINT32
32-bit unsigned integer
ftypes.STRING
string
base : number (optional)
Numeric base of field (defaults to BASE_DEC)
base
meaning
base.NONE
not applicable (not a number)
base.DEC
show value in base-10
base.HEX
show value in base-16
base.OCT
show value in base-8
base.DEC_HEX
show value in base-10 followed by base-16 in parentheses (e.g., 10 (0x0a))
base.HEX_DEC
show value in base-16 followed by base-10 in parentheses (e.g., 0x0a (10))
Returns
userdata : The newly created DissectorTable
DissectorTable.get(tablename)
Description
- Obtains a reference to an existing dissector table
Parameters
tablename : string
- The short name of the table
Returns
userdata : The DissectorTable
dissectortable:add(pattern, dissector)
Description
- Adds a dissector to a table
Parameters
pattern : string
- The pattern to match (either an integer or a string depending on the table's type)
dissector : userdata
The dissector to add (either a Proto or a Dissector)
dissectortable:remove(pattern, dissector)
Description
- Removes a dissector from a table
Parameters
pattern : string
- The pattern to match (either an integer or a string depending on the table's type)
dissector : userdata
The dissector to add (either a Proto or a Dissector)
dissectortable:try(pattern, tvb, pinfo, tree)
Description
- Tries to call a dissector from a table
Parameters
pattern : string
- The pattern to be matched (either an integer or a string depending on the table's type)
tvb : userdata
The Tvb buffer to dissect
pinfo : userdata
- The packet info
tree : userdata
The TreeItem on which to add the protocol items
dissectortable:get_dissector(pattern)
Description
- Tries to obtain a dissector from a table
Parameters
pattern : string
- The pattern to be matched (either an integer or a string depending on the table's type)
Returns
userdata : The dissector handle if found; nil if not found